def test_custom_crypt_filter(with_hex_filter, main_unencrypted):
w = writer.PdfFileWriter()
custom = pdf_name('/Custom')
crypt_filters = {
custom: StandardRC4CryptFilter(keylen=16),
}
if main_unencrypted:
# streams/strings are unencrypted by default
cfc = CryptFilterConfiguration(crypt_filters=crypt_filters)
else:
crypt_filters[STD_CF] = StandardAESCryptFilter(keylen=16)
cfc = CryptFilterConfiguration(crypt_filters=crypt_filters,
default_string_filter=STD_CF,
default_stream_filter=STD_CF)
sh = StandardSecurityHandler.build_from_pw_legacy(
rev=StandardSecuritySettingsRevision.RC4_OR_AES128,
id1=w.document_id[0],
desired_user_pass="******",
desired_owner_pass="******",
keylen_bytes=16,
crypt_filter_config=cfc)
w._assign_security_handler(sh)
test_data = b'This is test data!'
dummy_stream = generic.StreamObject(stream_data=test_data)
dummy_stream.add_crypt_filter(name=custom, handler=sh)
ref = w.add_object(dummy_stream)
dummy_stream2 = generic.StreamObject(stream_data=test_data)
ref2 = w.add_object(dummy_stream2)
if with_hex_filter:
dummy_stream.apply_filter(pdf_name('/AHx'))
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
r.decrypt("ownersecret")
obj: generic.StreamObject = r.get_object(ref.reference)
assert obj.data == test_data
if with_hex_filter:
cf_dict = obj['/DecodeParms'][1]
else:
cf_dict = obj['/DecodeParms']
assert cf_dict['/Name'] == pdf_name('/Custom')
obj2: generic.DecryptedObjectProxy = r.get_object(
ref2.reference, transparent_decrypt=False)
raw = obj2.raw_object
assert isinstance(raw, generic.StreamObject)
if main_unencrypted:
assert raw.encoded_data == test_data
else:
assert raw.encoded_data != test_data
def test_custom_crypt_filter_errors():
w = writer.PdfFileWriter()
custom = pdf_name('/Custom')
crypt_filters = {
custom: StandardRC4CryptFilter(keylen=16),
STD_CF: StandardAESCryptFilter(keylen=16)
}
cfc = CryptFilterConfiguration(crypt_filters=crypt_filters,
default_string_filter=STD_CF,
default_stream_filter=STD_CF)
sh = StandardSecurityHandler.build_from_pw_legacy(
rev=StandardSecuritySettingsRevision.RC4_OR_AES128,
id1=w.document_id[0],
desired_user_pass="******",
desired_owner_pass="******",
keylen_bytes=16,
crypt_filter_config=cfc)
w._assign_security_handler(sh)
test_data = b'This is test data!'
dummy_stream = generic.StreamObject(stream_data=test_data)
with pytest.raises(misc.PdfStreamError):
dummy_stream.add_crypt_filter(name='/Idontexist', handler=sh)
# no handler
dummy_stream.add_crypt_filter(name=custom)
dummy_stream._handler = None
w.add_object(dummy_stream)
out = BytesIO()
with pytest.raises(misc.PdfStreamError):
w.write(out)
def test_custom_pubkey_crypt_filter(with_hex_filter, main_unencrypted):
w = writer.PdfFileWriter()
custom = pdf_name('/Custom')
crypt_filters = {
custom: PubKeyRC4CryptFilter(keylen=16),
}
if main_unencrypted:
# streams/strings are unencrypted by default
cfc = CryptFilterConfiguration(crypt_filters=crypt_filters)
else:
crypt_filters[DEFAULT_CRYPT_FILTER] = PubKeyAESCryptFilter(
keylen=16, acts_as_default=True)
cfc = CryptFilterConfiguration(
crypt_filters=crypt_filters,
default_string_filter=DEFAULT_CRYPT_FILTER,
default_stream_filter=DEFAULT_CRYPT_FILTER)
sh = PubKeySecurityHandler(version=SecurityHandlerVersion.RC4_OR_AES128,
pubkey_handler_subfilter=PubKeyAdbeSubFilter.S5,
legacy_keylen=16,
crypt_filter_config=cfc)
# if main_unencrypted, these should be no-ops
sh.add_recipients([PUBKEY_TEST_DECRYPTER.cert])
# (this is always pointless, but it should be allowed)
sh.add_recipients([PUBKEY_TEST_DECRYPTER.cert])
crypt_filters[custom].add_recipients([PUBKEY_TEST_DECRYPTER.cert])
w._assign_security_handler(sh)
encrypt_dict = w._encrypt.get_object()
cfs = encrypt_dict['/CF']
# no /Recipients in S5 mode
assert '/Recipients' not in encrypt_dict
assert isinstance(cfs[custom]['/Recipients'], generic.ByteStringObject)
if main_unencrypted:
assert DEFAULT_CRYPT_FILTER not in cfs
else:
default_rcpts = cfs[DEFAULT_CRYPT_FILTER]['/Recipients']
assert isinstance(default_rcpts, generic.ArrayObject)
assert len(default_rcpts) == 2
# custom crypt filters can only have one set of recipients
with pytest.raises(misc.PdfError):
crypt_filters[custom].add_recipients([PUBKEY_TEST_DECRYPTER.cert])
test_data = b'This is test data!'
dummy_stream = generic.StreamObject(stream_data=test_data)
dummy_stream.add_crypt_filter(name=custom, handler=sh)
ref = w.add_object(dummy_stream)
dummy_stream2 = generic.StreamObject(stream_data=test_data)
ref2 = w.add_object(dummy_stream2)
if with_hex_filter:
dummy_stream.apply_filter(pdf_name('/AHx'))
out = BytesIO()
w.write(out)
r = PdfFileReader(out)
r.decrypt_pubkey(PUBKEY_TEST_DECRYPTER)
# the custom test filter shouldn't have been decrypted yet
# so attempting to decode the stream should cause the crypt filter
# to throw an error
obj: generic.StreamObject = r.get_object(ref.reference)
with pytest.raises(misc.PdfError):
# noinspection PyStatementEffect
obj.data
r.security_handler.crypt_filter_config[custom].authenticate(
PUBKEY_TEST_DECRYPTER)
assert obj.data == test_data
if with_hex_filter:
cf_dict = obj['/DecodeParms'][1]
else:
cf_dict = obj['/DecodeParms']
assert cf_dict['/Name'] == pdf_name('/Custom')
obj2: generic.DecryptedObjectProxy = r.get_object(
ref2.reference, transparent_decrypt=False)
raw = obj2.raw_object
assert isinstance(raw, generic.StreamObject)
if main_unencrypted:
assert raw.encoded_data == test_data
else:
assert raw.encoded_data != test_data